Subscribe to the Relativity Blog

Cross-border Employees and Their International Data

Data breaches, privacy laws, and the challenges companies face when their employees cross international borders are top of mind for many corporations today. For those of us in the world of e-discovery, these issues affect everything we do. We at kCura have customers in 40 different countries, all with their own unique laws and regulations, so we certainly see these complexities.

Good Luck

The extent of those challenges may have been best summed up when a privacy panel’s moderator, Johan Lubbe, co-chair of Littler Mendelson’s international employment law practice, asked panelist Orrie Dinstein, global privacy leader for Marsh & McLennan, what he would say to companies trying to handle mobile and social media data, and the move toward employee bring-your-own-device (BYOD) policies.

Dinstein’s answer? “Good luck.”

Language and Law

Language is one of the most fundamental aspects of e-discovery law. We’re obsessed with words. Slight nuances in the language of the Federal Rules of Civil Procedure and Federal Rules of Evidence could provide years of endless entertainment at e-discovery conferences across the land.

So, naturally, some of the fundamental challenges of international data privacy law rest on the definitions of basic concepts.

For example, even the phrase “personal information” is defined differently in different nations. At the PLI event, John Hamlin of Marsh & McLennan noted that the United States’ definition of “disabled” is so broad almost anyone could qualify.

The influence of international cultural differences also impacts practical legal considerations when employees cross borders. For instance, Mercedes Balado Bevilacqua, partner at MBB Abogados, noted that when employees are sent to Argentina, employment agreements should be drafted in Spanish because Argentine courts will consider only documents in Spanish.

Argentina isn’t the only nation where cultural language traditions influence the law. Louise Patry of Davies Ward Phillips & Vineberg noted that, in the Canadian province of Quebec, workers have a legal right to communicate in French, meaning that employers need to ensure their supervisors can speak French.

Data Access Laws Around the Globe

Perhaps in no area of the law are these international differences more evident than in e-discovery.

At the event, Philip Berkowitz, United States co-chair of Littler Mendelson’s international employment law practice, noted that the United States has e-discovery “like nowhere in the world.” It’s no coincidence that our industry has seen such immense initial growth in the United States. So what different rules apply to data discovery in other nations?

U.S. litigants are able to obtain personal data during e-discovery that they would never be able to access in other nations, and the United States does not meet European Union data privacy requirements. Currently, the U.S.-EU Safe Harbor Framework provides a legal mechanism for cross-border e-discovery between Europe and the United States. That said, Freshfields Bruckhaus Deringer’s Timon Grau noted the NSA-Snowden controversy has put the Safe Harbor Framework in jeopardy.

Another cross-border e-discovery and employment challenge is the pending EU General Data Protection Regulation. During the PLI panel, IUNO’s Anders Reitz noted that the cross-border difficulties of the EU’s current data protection directive are largely caused by different EU nations’ interpretations of its provisions.

Though the GDPR should harmonize data protection laws across Europe and eliminate those ambiguities, it still presents a cross-border data challenge because its provisions differ significantly from U.S. law. For instance, Grau said the GDPR’s “massive, cartel-like fines” for data violations will have a significant impact on business.

Further complicating matters, attorneys cannot fall into the trap of thinking data transfer issues are only an EU-U.S. challenge. After all, the panel noted that 114 nations around the globe had data privacy laws—and none are exactly the same.

Best Practices

Of course, the PLI event didn’t only focus on the challenges of practicing international law. Speakers also discussed best practices for handling issues stemming from employees crossing borders for multi-national companies.

For example, Baba Zipkin, senior counsel at IBM, noted that companies should keep a close eye on changing immigration laws, adding that Canada and the United Kingdom have made it more difficult to bring foreign workers into those countries.

Additionally, Koch Industries’ Catherine LaChapelle noted that relying on corporate travel agents for booking international business travel is a good practice—even if cheaper deals can be found online. The central repository of employee travel information these agents store is often important for compliance purposes, and much easier to capture in the event of litigation related to business performed while traveling abroad.

On the data side, Marsh & McLennan’s Orrie Dinstein said seemingly innocuous, everyday office activities could lead to data privacy concerns. For example, he noted that Millennials enjoy taking photos in the office, but employers should be cautious about the legal data implications. Dinstein added that office smartphone pics weren’t the only everyday issue that can lead to problems.

“Every time I hear about a corporate health campaign, I know there will be data privacy issues.”

David Horrigan is e-discovery counsel and legal content director at kCura, a member of Legaltech News’ Editorial Advisory Board, and a former reporter and assistant editor at The National Law Journal.